macOS is known for its strong security; it provides you with the option to encrypt and decrypt your storage drive’s data to protect your files and folders from prying eyes and hackers. However, what if you delete important files or the storage drive becomes corrupt. You would want to recover the data, but conventional Mac data recovery tools do not provide recovery from an encrypted storage drive. In this blog, we will share methods to encrypt, decrypt, and recover files from an encrypted/corrupt storage drive.
![]() Methods to Encrypt Storage Drive on Mac
McAfee Complete Data Protection—Advanced features data loss prevention, full-disk encryption, device control, and protection for cloud storage. Protect Data from Loss and Theft. Render data unreadable in the event of device loss or theft. Our enterprise-grade endpoint encryption solution is FIPS 140-2 and Common Criteria EAL2+ certified. On your Mac, choose Apple menu System Preferences, click Security & Privacy, then click FileVault. Click the lock icon to unlock it, then enter an administrator name and password. Click Turn On FileVault. Choose how to unlock your disk and reset your login password if you forget it.
To encrypt a storage drive, you can use any one of the following methods that befit your requirement:
Method 1: Using Finder
After Mac finishes the process, the storage drive is encrypted. You can unlock the drive by keying in its password.
Method 2: Using FileVault
Mac encrypts your disk in the background. You can check the encryption progress from the FileVault section. After encryption when you restart your Mac, the system needs the password to finish starting up.
Method 3: Using Disk Utility
Disk Utility now completes the erase process of your storage drive. When it finishes, the drive mounts on the computer, and you can use it to transfer files. In addition, the system has encrypted your drive; therefore, you need to enter the drive’s password every time you try to access it. If you forget the password, the drive turns inaccessible.
Methods to Decrypt Password Protected Storage Drive on Mac
Similar to encrypting a storage drive, macOS also makes the process of decryption easy. To decrypt a storage drive, use any one of the following methods suitable for your case.
Method 1: Using Finder
After Mac decrypts the drive, you no longer need to type a password to access it.
Method 2: Using FileVault
Mac decrypts your disk in the background. You can check the decryption progress from the FileVault section.
Method 3: Using Disk Utility
Method 4: Using Command Line
It is vital to decrypt data in the right way using the command line as the incorrect operation can result in data loss.
For APFS Drive
For Other Drive
![]()
Don’t Miss!Get 3 Activations ofMac Data Recovery Software@ 50% OFF
Copy Coupon Code
Copied
Offer valid till 31 March 2020
Recover Files from an Encrypted/Corrupt Mac Storage Drive
You know data recovery from an encrypted storage drive was an uphill task. However, Stellar Data Recovery Professional for Mac made deleted file recovery easier from a password-protected volume(s). Besides, support for a Time Machine & Sparsebundle disk image recovery makes Stellar one of the best data recovery software for Mac.
Follow the steps listed below to recover deleted or lost data from an encrypted Mac startup disk or any other external drive:
Step 1) Launch Stellar Data Recovery Professional for Mac. Choose ‘Recover Everything’ or ‘Customize Your Scan’ from ‘Select What To Recover screen’ for the recovery of a specific file type
Step 2) Select your mounted encrypted Mac storage drive or encrypted external drive from the ‘Select Location Screen’ screen
(Note: Provide the password to unlock the storage drive. This step is important because without unlocking the drive you cannot scan it for deleted file recovery)
Drive is unlocked as shown,
Step 3) Scan the encrypted storage drive and wait until the scanning process completes entirely
Step 4) Expand the scanned items listed by the software in three views Classic List, File List, and Deleted List
Step 5) Double-click a file to launch its preview to check its quality and select all the desired files
Step 6) Click the Recover button to save your recoverable files. Browse the desired destination and click Save (Note: To save the recoverable files, registration of the Mac data recovery software is required)
The software saves the recovered files to your provided destination, which needs to be different from the recovery storage drive/volume. Open the destination drive to verify the recovered data. You can also use the software to recover data in case the encrypted storage drive is corrupt, just select the corrupt drive from the Storage Location screen and perform Deep Scan; this finds data by skipping or reading bad sectors without halting. Moreover, the software provides the option to Create Image of the entire disk for easy and trouble-free recovery from corrupt disk.
AMAZING OFFER
GET 3 ACTIVATION LICENSES OF STELLAR DATA RECOVERY SOFTWARE FOR MAC Use Coupon: SPDMC20N Checkout: https://bit.ly/2RToOvQ Conclusion
Although the macOS has made the process of encryption and decryption easy and convenient, one should be careful and follow the steps provided in the blog as a small mistake can lead to data loss. However, if you have met such a data loss disaster, do not worry, Stellar Data Recovery Professional for Mac does not only recover from encrypted storage drive but also when your drive becomes corrupt during the decryption process.
This versatile software is APFS compatible and can handle any type of logical data loss situation be it encryption, corruption, inaccessibility, erasure, or emptying of Trash. To check its interface, scan-capability, and other powerful features download the software for Free and once satisfied Register the software to get unlimited data recovery capability – the assets for preventing data loss disaster.
FileVault is a disk encryption program in Mac OS X 10.3 (2003) and later. It performs on-the-fly encryption with volumes on Maccomputers.
Versions and key features[edit]
FileVault was introduced with Mac OS X Panther (10.3),[1] and could only be applied to a user's home directory, not the startup volume. The operating system uses an encrypted sparse disk image (a large single file) to present a volume for the home directory. Mac OS X Leopard and Mac OS X Snow Leopard use more modern sparse bundle disk images[2] which spread the data over 8 MB files (called bands) within a bundle. Apple refers to this original iteration of FileVault as legacy FileVault.[3]
Mac OS X Lion (2011) and newer offer FileVault 2,[3] which is a significant redesign. This encrypts the entire OS X startup volume and typically includes the home directory, abandoning the disk image approach. For this approach to disk encryption, authorised users' information is loaded from a separate non-encrypted boot volume[4] (partition/slice type Apple_Boot).
FileVault[edit]
The original version of FileVault was added in Mac OS X Panther to encrypt a user's home directory.
Master passwords and recovery keys[edit]
When FileVault is enabled the system invites the user to create a master password for the computer. If a user password is forgotten, the master password or recovery key may be used to decrypt the files instead.
Migration[edit]
Migration of FileVault home directories is subject to two limitations:[5]
If Migration Assistant has already been used or if there are user accounts on the target:
If transferring FileVault data from a previous Mac that uses 10.4 using the built-in utility to move data to a new machine, the data continues to be stored in the old sparse image format, and the user must turn FileVault off and then on again to re-encrypt in the new sparse bundle format.
Manual encryption[edit]
Instead of using FileVault to encrypt a user's home directory, using Disk Utility a user can create an encrypted disk image themselves and store any subset of their home directory in there (for example, ~/Documents/private). This encrypted image behaves similar to a Filevault encrypted home directory, but is under the user's maintenance.
Encrypting only a part of a user's home directory might be problematic when applications need access to the encrypted files, which will not be available until the user mounts the encrypted image. This can be mitigated to a certain extent by making symbolic links for these specific files.
Limitations and issues[edit]Backups[edit]
Without Mac OS X Server, Time Machine will back up a FileVault home directory only while the user is logged out. In such cases, Time Machine is limited to backing up the home directory in its entirety. Using Mac OS X Server as a Time Machine destination, backups of FileVault home directories occur while users are logged in.
Because FileVault restricts the ways in which other users' processes can access the user's content, some third party backup solutions can back up the contents of a user's FileVault home directory only if other parts of the computer (including other users' home directories) are excluded.[6][7]
Issues[edit]
Several shortcomings were identified in Legacy FileVault. Its security can be broken by cracking either 1024-bit RSA or 3DES-EDE.
Legacy FileVault used the CBC mode of operation (see disk encryption theory); FileVault 2 uses stronger XTS-AESW mode. Another issue is storage of keys in the macOS 'safe sleep' mode.[8] A study published in 2008 found data remanence in dynamic random-access memory (DRAM), with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to use a cold boot attack to recover cryptographic keys for several popular disk encryption systems, including FileVault, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use, such as in key scheduling. The authors recommend that computers be powered down, rather than be left in a 'sleep' state, when not in physical control by the owner.[9]
Early versions of FileVault automatically stored the user's passphrase in the system keychain, requiring the user to notice and manually disable this security hole.
In 2006, following a talk at the 23rd Chaos Communication Congress titled Unlocking FileVault: An Analysis of Apple's Encrypted Disk Storage System, Jacob Appelbaum & Ralf-Philipp Weinmann released VileFault which decrypts encrypted Mac OS X disk image files.[10]
A free space wipe using Disk Utility left a large portion of previously deleted file remnants intact. Similarly, FileVault compact operations only wiped small parts of previously deleted data.[11]
FileVault 2[edit]Security[edit]
FileVault uses the user's login password as the encryption pass phrase. It uses the AES-XTS mode of AES with 128 bit blocks and a 256 bit key to encrypt the disk, as recommended by NIST.[12][13] Only unlock-enabled users can start or unlock the drive. Once unlocked, other users may also use the computer until it is shut down.[3]
Performance[edit]
The I/O performance penalty for using FileVault 2 was found to be in the order of around 3% when using CPUs with the AES instruction set, such as the Intel Core i and MacOS 10.10.3.[14] Performance deterioration will be larger for CPUs without this instruction set, such as older Core CPUs.
Master passwords and recovery keys[edit]
When FileVault 2 is enabled while the system is running, the system creates and displays a recovery key for the computer, and optionally offers the user to store the key with Apple. The 120 bit recovery key is encoded with all letters and numbers 1 through 9, and read from /dev/random, and therefore relies on the security of the PRNG used in macOS. During a cryptanalysis in 2012, this mechanism was found safe.[15]
Changing the recovery key is not possible without re-encrypting the File Vault volume.[3]
Validation[edit]
Users who use FileVault 2 in OS X 10.9 and above can validate their key correctly works after encryption by running sudo fdesetup validaterecovery in Terminal after encryption has finished. The key must be in form xxxx-xxxx-xxxx-xxxx-xxxx-xxxx and will return true if correct.[16]
Starting the OS with FileVault 2 without a user account[edit]![]()
If a volume to be used for startup is erased and encrypted before clean installation of OS X 10.7.4 or 10.8:
Apple describes this type of approach as Disk Password—based DEK.[12]
See also[edit]References[edit]
Retrieved from 'https://en.wikipedia.org/w/index.php?title=FileVault&oldid=944570333'
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |